
TransformerOptimus SuperAGI allows unauthorized access to user data

CVE-2026-6584
Summary

A weakness in TransformerOptimus SuperAGI, a popular AI application, allows an attacker to access user data without proper authorization. Someone with malicious intent could gain access to sensitive user information. Users of TransformerOptimus SuperAGI should update to the latest version (0.0.15 or higher) to protect their data.

Original title
A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endp...
Original description
A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument user_id results in authorization bypass. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
NVD CVSS 2.0: 5.5
NVD CVSS 3.1: 5.4
NVD CVSS 4.0: 5.3
Vulnerability type
CWE-285 Improper Authorization
CWE-639 Authorization Bypass Through User-Controlled Key
Published: 20 Apr 2026 · Updated: 20 Apr 2026 · First seen: 20 Apr 2026
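
The weakness class named above (CWE-639: a client-supplied `user_id` selects the record to update), shown beside a hardened form. This is an added illustration, not SuperAGI's code from `superagi/controllers/user.py`; the `User` model, the in-memory store, the editable-field allow-list and the same-organisation admin rule are all assumptions made for the example.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Raised when the caller may not modify the target record."""

@dataclass
class User:
    id: int
    organisation_id: int
    email: str
    is_admin: bool = False

def make_store():
    """Constructed sample data standing in for the users table."""
    return {
        1: User(1, 10, "alice@example.test"),
        2: User(2, 20, "bob@example.test"),
        3: User(3, 10, "admin@example.test", is_admin=True),
    }

def update_user_unchecked(store, caller_id, user_id, changes):
    """Weak form: the caller is authenticated, but user_id is trusted as-is."""
    target = store[user_id]  # no comparison against caller_id
    for field, value in changes.items():
        setattr(target, field, value)
    return target

ALLOWED_FIELDS = {"email"}  # assumption: the only field a user may edit

def update_user_checked(store, caller_id, user_id, changes):
    """Hardened form: caller_id comes from the session; the key is bound to it."""
    caller = store[caller_id]
    target = store.get(user_id)
    same_org_admin = (
        caller.is_admin and target is not None
        and target.organisation_id == caller.organisation_id
    )
    # Same error for "missing" and "not yours" so ids cannot be enumerated.
    if target is None or not (caller.id == user_id or same_org_admin):
        raise Forbidden("caller may not modify this user")
    extra = set(changes) - ALLOWED_FIELDS
    if extra:  # block mass assignment of fields such as is_admin
        raise Forbidden(f"fields not editable: {sorted(extra)}")
    for field, value in changes.items():
        setattr(target, field, value)
    return target
```

When reviewing a deployment, the equivalent check is whether every handler that takes a record id compares it against the authenticated principal before reading or writing.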